The WatchGuard Firebox T10 brings comprehensive security protection to SOHO users. Setup and management of this UTM device is a bit tricky for non-administrators, but it's well worth the effort.

By Fahmida Y. RashidIt's best to update the firmware on hardware appliances right away, in case there are performance tweaks and improved security features. To update the firmware on the T10, you need to log in to WatchGuard's support portal to search for the latest software. Note that the login for the Web portal is not the same as the XTM Web UI. The distinction wasn't clear to me at first.

After you download the latest firmware file to your computer, you return to the XTM Web UI to run the upgrade. I would have preferred better integration here—either by having the management interface look for a firmware update and prompt when one is available or by making it easier to access the portal without having to create a new account. In all fairness, if the organization is already using other WatchGuard appliances, the administrator likely already has an account for the support portal, so this wouldn't be so confusing. But not having the management interface prompt users when new firmware is available is a real oversight.

For the employee who receives the T10 from headquarters, set up is simpler, thanks to a feature called Rapid Deploy. With Rapid Deploy, the appliance immediately connects to the cloud server as soon as it's connected to a network and downloads the configuration profile. It installs the settings and reports back to the administrator's central console. So long as the administrator took the time to create a profile for the T10, all the remote employee has to do is plug it into the network. Considering that IT administrators often can't go out to the employee's home, being able to simplify the setup in this manner is a definite plus.

User Experience and FeaturesThe Firebox T10 offers the same unified threat management capabilities available in WatchGuard's larger, corporate-focused models. This means companies don't have to sacrifice security for smaller environments—the Firebox extends to SOHO employees the same enterprise-class security protecting the rest of the business. The management interface reflects just how feature-rich the T10 is, to the point where it may be a bit confusing to navigate. It's impressive that, even with so many options, the interface never feels sluggish.

Thankfully, the tutorials are easy to find and use. I just wish the interface had more built-in tips and help text to explain some of the options. Be prepared to go to the support portal, visit other websites, or dig through the video tutorials to research some of the more advanced settings.

I particularly like the application traffic-management feature, which lets administrators control and limit the bandwidth available for business-critical and non-critical applications. Administrators can also create custom DLP signatures to extend pre-defined rules to prevent sensitive data from leaving the network. The T10 supports VPN, as mentioned, and you can easily create VPN users who can securely connect to the network from outside. Configuring the antivirus and spam-blocker on the T10 was also straightforward.

WatchGuard partners with third-party companies to offer additional security services, such as the advanced malware protection platform from Lastline, which evaluates objects entering the network. For example, the Lastline service analyzes PDF and other files entering the network—via email, for example—for advanced malware and other threats in the cloud using full-system emulation. Advanced malware detection tool APT Blocker comes pre-installed with a free 30-day trial.

WatchGuard Dimension is a separate cloud-based tool that turns the raw network data into actionable security intelligence in real time. Administrators can see key threats and top site usage across users.

PerformanceConsidering the various lines of defense—with the firewall, antivirus, and spam blocking available—I was concerned about network speed. Was I going to see a slowdown in network speed as traffic passed through each defensive layer? I was particularly worried about the APT Blocker feature which would analyze objects in the cloud for advanced persistent threats, zero-day threats, and advanced malware. I didn't notice any lag on the network, however, even as I downloaded all kinds of files and opened email attachments.

The T10 offers an application-layer firewall, which inspects network traffic entering and leaving the application and can sustain up to 200Mbps firewall throughput and 55Mbps UTM throughput. The VPN throughput is 30Mbps, antivirus throughput is 70Mbps, and intrusion prevention system throughput is 80Mbps. The T10 doesn't offer any wireless capabilities; it's a wired device and is intended to be deployed inline.

Comprehensive Security, but Still HardThe Firebox T10 solves a big challenge for organizations—protecting remote employees. This UTM comes packed with advanced features and doesn't skimp on security for the small office. It can be a bit of a challenge to find all the features and options within the interface, but the wealth of tutorials and help materials close the gap somewhat. If you've put off adding a UTM to your SOHO environment because of the cost and difficulty involved, the WatchGuard Firebox T10 is definitely worth a look.

Fahmida Y. Rashid is a senior analyst for business at PCMag.com. She focuses on ways businesses can use technology to work efficiently and easily. She is paranoid about security and privacy, and considers security implications...

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service